HIPAA Compliance & Security

Enterprise-grade data protection and regulatory compliance

HIPAA Compliant | SOC 2 Type II | GDPR Ready

Our Commitment to Data Security

JustShowUp is built from the ground up with healthcare data security as our top priority. We implement industry-leading encryption, access controls, and audit mechanisms to ensure your patients' protected health information (PHI) remains secure and compliant with HIPAA, HITECH, and state privacy regulations. Our platform undergoes regular third-party security audits and maintains SOC 2 Type II certification.

Data Encryption

Military-grade encryption at rest and in transit

Encryption at Rest

  • AES-256 encryption for all stored PHI data
  • Database-level encryption with AWS RDS encryption
  • Encrypted backups stored in geographically distributed data centers
  • Key rotation every 90 days with AWS KMS

Encryption in Transit

  • TLS 1.3 for all data transmission
  • Perfect Forward Secrecy (PFS) enabled
  • Certificate pinning for mobile applications
  • End-to-end encryption for video consultations

Access Controls

Role-based permissions and multi-factor authentication

Role-Based Access Control (RBAC)

  • Granular permissions by role (Admin, Provider, Caregiver, Patient)
  • Minimum necessary access principle enforced
  • Custom role creation for enterprise clients

Multi-Factor Authentication

  • Required for all provider accounts
  • SMS, authenticator app, and hardware token support
  • Biometric authentication for mobile apps

Session Management

  • Automatic timeout after 15 minutes of inactivity
  • Single sign-on (SSO) integration available
  • Device fingerprinting and anomaly detection

Audit Logs & Monitoring

Comprehensive activity tracking and real-time alerts

What We Log

User Activity

All login attempts, password changes, role modifications, and access requests

PHI Access

Every view, edit, download, or export of patient data with timestamp and user ID

System Events

Configuration changes, security incidents, and system errors

Audit Capabilities

  • Real-time monitoring with automated anomaly detection
  • 7-year retention of all audit logs per HIPAA requirements
  • Tamper-proof logs with cryptographic hashing
  • Exportable reports for compliance audits
  • Automated alerts for suspicious activity
  • SIEM integration for enterprise security teams

Business Associate Agreement

HIPAA-compliant BAA available

As a covered entity or business associate, you need assurance that your vendors are HIPAA compliant. We provide a comprehensive Business Associate Agreement (BAA) that clearly defines our responsibilities for protecting PHI and outlines breach notification procedures.

  • Fully executed BAA provided before data processing
  • Covers all HIPAA Privacy and Security Rule requirements
  • Breach notification within 24 hours

Certifications & Audits

Third-party validated security

SOC 2 Type II
Current

Annual audit by independent CPA firm covering security, availability, and confidentiality

Last audit: December 2025

HITRUST CSF Certified
Current

Healthcare-specific security framework certification

Certification date: October 2025

Penetration Testing
Quarterly

Third-party penetration testing every 90 days with remediation tracking

Incident Response & Breach Notification

Rapid response to security incidents

<24h
Detection & Containment

Automated monitoring detects anomalies within minutes; incident response team contains threats within 24 hours

24h
Customer Notification

Covered entities notified within 24 hours of breach discovery per BAA requirements

60d
HHS Reporting

Breaches affecting 500+ individuals reported to HHS within 60 days per HIPAA requirements

Download Our Security Whitepaper

Get the complete technical documentation of our security architecture, compliance certifications, and data protection measures. Perfect for security teams and compliance officers evaluating JustShowUp.

  • Detailed encryption specifications
  • Network architecture diagrams
  • Audit log samples and reports
  • Third-party audit summaries